Thought Leadership

Scanning ALL Infrastructure Devices Is Essential!

NSA: China is Exploiting These Vulnerabilities. Patch Now.

cybersecurity vulnerability scanningMany companies and IT providers patch monthly for Microsoft Windows.  Some even patch Microsoft apps monthly, however, even the most diligent IT shops may only look at patching infrastructure devices once or twice a year.

Examples of devices that should be regularly scanned for vulnerabilities include firewalls, switches, routers, 3rd party apps, IP Cameras, or network storage devices.

The following article highlights why companies should regularly run vulnerability scans for all of their devices so they can keep their systems secure.

#

NSA: China is Exploiting These Vulnerabilities. Patch Now.*

The US National Security Agency (NSA) has published a cybersecurity advisory listing 25 vulnerabilities that Chinese state-sponsored hackers are most frequently exploiting to gain access to “computer networks of interest that hold sensitive intellectual property, economic, political, and military information.” All 25 flaws are known and have fixes available.

Editor’s Note

[Ullrich]
This report shows how nation-state actors are using the same flaws everybody else is abusing to compromise networks. The list is led by flaws in perimeter security devices. These flaws have been heavily abused by ransomware gangs, crypto coin miners, and essentially anybody interested in breaching a corporate network. A good reminder to review your vulnerability scans. If you find any of these 25 flaws included, assume that it has already been exploited. Even if you are not the targeted of Chinese nation-state attackers.

[Neely]
While it is interesting to note that the list includes vulnerabilities from 2015 and 2018, don’t look to the specific vulnerabilities exploited, look to the general cyber hygiene recommendations. Regularly patch and verify the security of products, replace old or obsolete products, use internal trusted or isolated management networks, block deprecated services at the perimeter, enabling logging, alerting, and monitoring. Remember to validate systems for signs of compromise during the interval prior to the update, and address any issues discovered.

[Honan]
Excellent resource.

Read more in:
– threatpost.com: Bug Parade: NSA Warns on Cresting China-backed Cyberattacks
– www.zdnet.com: NSA publishes list of top vulnerabilities currently targeted by Chinese hackers
– duo.com: Enterprises Should Fix These 25 Flaws
– www.scmagazine.com: NSA releases list of 25 vulnerabilities targeted by China
– media.defense.gov: Chinese State-Sponsored Actors Exploit Publicly Known Vulnerabilities (PDF)

The current list of vulnerabilities can be obtained from here: https://media.defense.gov

#

Daniel Weatherly
Director of Security Services
Mainstream Technologies Inc.
501-801-6706

*www.sans.org

  • Industry

  • Category

  • Regulation

  • Solution